status after 7.1 and pgcrypto update / crypt(table.field) ?

On Thu, Apr 26, 2001 at 05:20:53PM +0200, Peter Eisentraut wrote:
> will trillich writes:
> > i know "password" can be used in creating/altering user
> > information (as used via GRANT and REVOKE) but is there any
> > facility within postgres to CRYPT() a value?
> 
> See contrib/pgcrypto for hashing functions.

Problem is the hashing functions are not good for
password storage.


A general question: what is the status on patch acceptance
now, after 7.1 is successfully released?  I did not
want to fuzz around with new code when 7.1 was in freeze,
but what is the status now?

Specifically - pgcrypto current state:

In the pgsql/contrib:

* digest() / encode() - stable.

In my pgcrypto separate release:

* digest() / encode() / hmac() - stable. I have changed the internal interfaces compared to main CVS.

* crypt() / gen_salt() - stable.  DES/MD5/Blowfish crypt() (Blowfish is unreleased).  Code seems to be working quite
well.

* encrypt() / decrypt() - unstable.  Not in the 'buggy'-sense, but the 0.3 encrypt() is unsatisfactory for long-term
storageand security and compatibility.  Also their spec is confusing to users.  In the next release they will be
renamedraw_encrypt() / raw_decrypt() as they really are interfaces to raw ciphers.  I keep them coz they are good for
testingpgcrypto code ;) and also they are ok for crypting short strings.
 

* future: encrypt() / decrypt() will be minimal implementation of OpenPGP standard (RFC2440). "Symmetrically Encrypted
Data"with passwords.  (Is it too big? - The crypted data needs some structure and I dont think inventing some own
formatis good.)
 

Now for this OpenPGP stuff I dont have ATM not even
alpha-quality code.  So full release takes some time.
But hmac() and crypt() code is quite ok and there is no point
on me sitting on it alone.

So I would like to submit the mostly ready parts to main
tree.  When is the right time for it?


-- 
marko